Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jo_rang
Staff
Staff

Created on ‎05-22-2025 06:29 AM Edited on ‎05-28-2025 06:37 AM By Moderator

Article Id 392975

Technical Tip: FortiGates in Belgium unable to resolve hostnames when using OpenDNS as DNS servers

Description This article explains why DNS resolution might fail when the FortiGate is configured to use OpenDNS servers 208.67.222.222 or 208.67.220.220.
Scope FortiGate.
Solution

FortiGates deployed in the Country of Belgium might face DNS resolution issues when they are configured to use OpenDNS as their DNS servers.

 

config system dns
    set primary 208.67.222.222
    set secondary 208.67.220.220
end

 

When trying to resolve names, the FortiGate may display the following error:

 

fgt01 # exe ping fortinet.com
unable to resolve hostname

 

A sniffer will show that the DNS server is responding to the DNS query with the following message:

 

Effective.April.11,.2025:.Due.to.a.court.order.in.Belgium.requiring.the.implementation.

of.blocking.measures.to.prevent.access.within.Belgium.to.certain.domains,

.the.OpenDNS.service.

is.not.currently.available.to.users.in.Belgium"

 

diagnose sniffer packet any "host 208.67.222.222 or host 208.67.220.220" 6 0 l

 

 SNiffer.png

 

The solution is to switch to other DNS servers, such as FortiGuard DNS servers.

 

config system dns
    set primary 96.45.45.45
    set secondary 96.45.46.46
end
265
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.